保安警报 (A17-09-03): Microsoft 产品多个漏洞 (2017年9月)

描述:

 Microsoft 发布了 80 个安全性更新，以应对多个影响个别 Microsoft 产品或元件漏洞，其中一项更新加强了多属防御措施的保安。 

有报告指漏洞正受到攻击。

受影响的系统:

• Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7
• Microsoft Internet Explorer 9, 10, 11
• Microsoft Edge
• Microsoft Windows 7, 8.1, RT 8.1, 10
• Microsoft Windows Server 2008, 2008 R2, 2012, 2012 R2, 2016
• Microsoft Office 2007, 2010, 2013, 2013 RT, 2016, 2011 for Mac, 2016 for Mac
• Microsoft Office Compatibility Pack
• Microsoft Office Web Apps 2010, 2013
• Microsoft Office Web Apps Server 2013
• Microsoft Office Word Viewer
• Office Online Server
• Microsoft Excel 2007, 2010, 2013, 2013 RT, 2016, 2011 for Mac, 2016 for Mac
• Microsoft Excel Viewer 2007
• Microsoft Excel Web App 2013
• Excel Services
• Microsoft PowerPoint 2007, 2010, 2013, 2013 RT, 2016
• Microsoft PowerPoint Viewer 2007
• Microsoft Live Meeting 2007 Add-in, 2007 Console
• Microsoft Lync 2010, 2010 Attendee, 2013, Basic 2013
• Microsoft Outlook 2007, 2010, 2013, 2013 RT, 2016
• Microsoft Exchange Server 2013, 2016
• Microsoft Publisher 2007, 2010
• Microsoft SharePoint Foundation 2013, Server 2013, Enterprise Server 2016
• Skype for Business 2016, 2016 Basic

有关受影响产品的完整列表，请参阅Microsoft资讯安全技术中心:

https://portal.msrc.microsoft.com/en-us/security-guidance

影响:

 成功利用这些漏洞可以导致远端执行程式码、提高权限、泄漏资讯、服务受阻断、绕过保安限制或仿冒诈骗，视乎攻击者利用哪个漏洞而定。 

建议:

 受影响产品的修补程式可在 Windows Update 或 Microsoft Update Catalog 获取。受影响系统的用户应遵从产品供应商的建议，立即采取行动以降低风险。 

进一步信息:

 https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/5984735e-f651-e711-80dd-000d3a32fc99
https://support.microsoft.com/en-us/help/20170912/security-update-deployment-information
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV170013
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV170015
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8759
https://www.fireeye.com/blog/threat-research/2017/09/zero-day-used-to-distribute-finspy.html
https://www.hkcert.org/my_url/zh/alert/17091301
https://www.us-cert.gov/ncas/current-activity/2017/09/12/Microsoft-Releases-September-2017-Security-Updates
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0161
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8567
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8597
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8628 (to CVE-2017-8632)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8643
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8648
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8649
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8660
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8675 (to CVE-2017-8688)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8692
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8695
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8696
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8699
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8702
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8704
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8706 (to CVE-2017-8714)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8716
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8719
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8720
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8723 (to CVE-2017-8725)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8728
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8729
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8731
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8733 (to CVE-2017-8759)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9417
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11761
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11764
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11766